2016’s Newest Most Dangerous Strain of Ransomware, ‘Maktub’

The Internet has been around for quite awhile now, having birthed entire industries and changed the way economies function. Having been a primarily benevolent force to the world by providing jobs and advancing knowledge in general, among many other things, it has also provided new avenues and outlets for criminals to become more creative.

Consider the following: technology and the Internet are like cars in a way. Most of us drive them, but most of us don’t know the details of their underlying mechanics, making it is easy for crooked mechanics to take advantage of the naive and unsuspecting. These crooked mechanics have a certain sense of power over someone who can only drive a car because they possess the necessary knowledge of how to fix something their customers have brought to them, but also need in their everyday lives. In a way, when you put something your entire life relies so much on into someone else’s hands, that someone can very easily extort you. They can charge you whatever their heart desires to ‘fix’ it, or return it you for that matter, because they know you really do need it. Now apply this same exact concept to computer users who store massive amounts of important data on their computer.

If the ability to access ones own data is taken away, that data can very easily be taken hostage. Whoever takes it can put a ransom on your precious information and milk you for everything you’re worth. This happens to Internet users everyday in the form of a phishing scam known as ‘ransomware.’ Businesses, especially, are at greater risk of falling prey to the criminals behind scams like this because a company’s information can be accessed from a number of portals. All it takes is one unsuspecting employee to fall prey to an email that might appear to be something as harmless as a “terms of service update.”

That is exactly how a new strain of Russian ransomware, Maktub, is infecting unsuspecting users. In other words, people are simply handing the keys to their ‘car’ over to the criminals behind this scam and then being charged ridiculous amounts of money to get their ‘keys,’ or data, if you will, back from the online kidnappers.

Maktub, the Russian ransomware, is professionally employing these sorts of social engineering tricks. Once the user has clicked the bait and opened the document, “a fake TOS update in .rtf format [appears]. However, in the background, their files are being encrypted.”

Maktub’s technology is highly advanced and dangerous. In addition to encrypting your files, which they manage to do offline without any sort of key, the victim’s files are compressed as well. Once this happens, it almost seems like the kidnappers of your data are toying with you. They offer users a “cold-comfort-demo” where they can choose two files to decrypt and receive back. So they steal your precious information then try to be polite about the fact they have essentially taken the keys to any business’ or person’s life hostage in every sense of the word. I suppose it makes sense, though, to try and prove they are trustworthy enough to hold up their end of the bargain after a payment is made.

The ransom debt basically works like a credit card. The first three days are set at 1.4 BTC and as time goes on the price increases, like you are paying them interest for doing you some sort of favor. After 15 days the ransom is set at 3.9 BTC and there is “no guarantee that [they] saved the key.” In other words, they threaten to erase everything they stole in order to instill you with the fear of never being able to access your precious data again.